palo_alto 0.3.1 → 0.3.2

data/lib/palo_alto/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module PaloAlto
-  VERSION = '0.3.1'
+  VERSION = '0.3.2'
 end

data/lib/palo_alto.rb

@@ -170,14 +170,38 @@ module PaloAlto
     attr_accessor :host, :username, :auth_key, :verify_ssl, :debug, :timeout
 
     def pretty_print_instance_variables
-      super - [:@password, :@subclasses, :@subclasses, :@expression, :@arguments]
+      super - [:@password, :@subclasses, :@subclasses, :@expression, :@arguments, :@cache]
     end
 
-    def execute(payload, skip_authentication: false)
+    def execute(payload, skip_authentication: false, skip_cache: false)
       if !auth_key && !skip_authentication
         get_auth_key
       end
 
+      if payload[:type] == 'config' && !skip_cache
+        if payload[:action] == 'get'
+          start_time = Time.now
+          @cache.each do |cached_xpath, cache|
+            search_xpath = payload[:xpath].sub('/descendant::device-group[1]/', '/device-group/')
+            next unless search_xpath.start_with?(cached_xpath)
+
+            remove = cached_xpath.split('/')[1...-1].join('/').length
+            new_xpath = 'response/result/' + search_xpath[(remove+2)..]
+
+            results = cache.xpath(new_xpath)
+						xml = Nokogiri.parse("<?xml version=\"1.0\"?><response><result>#{results.to_s}</result></response>")
+
+            if debug.include?(:statistics)
+              warn "Elapsed for parsing cache: #{Time.now - start_time} seconds"
+            end
+
+            return xml
+          end
+        elsif !@keep_cache_on_edit
+          @cache = {}
+        end
+      end
+
       retried = false
       begin
         # configure options for the request
@@ -198,7 +222,7 @@ module PaloAlto
         start_time = Time.now
         text = Helpers::Rest.make_request(options)
         if debug.include?(:statistics)
-          warn "Elapsed for API call #{payload[:type]}/#{payload[:action] || '(unknown action)'} on #{host}: #{Time.now - start_time} seconds"
+          warn "Elapsed for API call #{payload[:type]}/#{payload[:action] || '(unknown action)'} on #{host}: #{Time.now - start_time} seconds, #{text.length} bytes"
         end
 
         warn "received: #{Time.now}\n#{text}\n" if debug.include?(:received)
@@ -231,14 +255,39 @@ module PaloAlto
       end
     end
 
-    def commit!(all: false, device_groups: nil, templates: nil, wait_for_completion: true, wait: 5, timeout: 480)
+    def clear_cache!
+      @cache = {}
+      @keep_cache_on_edit = nil
+    end
+
+    def keep_cache_on_edit!
+      @keep_cache_on_edit = true
+    end
+
+    def cache!(xpath)
+      cached_xpath = xpath.is_a?(String) ? xpath : xpath.to_xpath
+
+      payload = {
+        type: 'config',
+        action: 'get',
+        xpath: cached_xpath
+      }
+
+      @cache[cached_xpath] = execute(payload, skip_cache: true)
+      true
+    end
+
+    def commit!(all: false, device_groups: nil, templates: nil,
+                admins: [username],
+                raw_result: false,
+                wait_for_completion: true, wait: 5, timeout: 480)
       return nil if device_groups.is_a?(Array) && device_groups.empty? && templates.is_a?(Array) && templates.empty?
 
       cmd = if all
               'commit'
             else
               { commit: { partial: [
-                { 'admin': [username] },
+                { 'admin': admins },
                 if device_groups
                   device_groups.empty? ? 'no-device-group' : { 'device-group': device_groups }
                 end,
@@ -256,8 +305,9 @@ module PaloAlto
             end
       result = op.execute(cmd)
 
-      job_id = result.at_xpath('response/result/job')&.text
+      return result if raw_result
 
+      job_id = result.at_xpath('response/result/job')&.text
       return result unless job_id && wait_for_completion
 
       wait_for_job_completion(job_id, wait: wait, timeout: timeout) if job_id
@@ -294,6 +344,7 @@ module PaloAlto
 
     # will execute block if given and unlock afterwards. returns false if lock could not be aquired
     def lock(area:, comment: nil, type: nil, location: nil)
+      raise MalformedCommandException, 'No type specified' if location && !type
       if block_given?
         return false unless lock(area: area, comment: comment, type: type, location: location)
 
@@ -309,7 +360,8 @@ module PaloAlto
         op.execute(cmd, type: type, location: location)
         true
       rescue PaloAlto::InternalErrorException => e
-        return true if e.message.start_with?('You already own a config lock for scope ')
+        return true if e.message.start_with?('You already own a config lock for scope ') ||
+                       e.message == "Config for scope shared is currently locked by #{username}"
 
         false
       end
@@ -337,9 +389,9 @@ module PaloAlto
       end
     end
 
-    def check_for_changes(usernames: [username])
-      cmd = if usernames
-              { show: { config: { list: { 'change-summary': { partial: { admin: usernames } } } } } }
+    def check_for_changes(admins: [username])
+      cmd = if admins
+              { show: { config: { list: { 'change-summary': { partial: { admin: admins } } } } } }
             else
               { show: { config: { list: 'change-summary' } } }
             end
@@ -350,6 +402,42 @@ module PaloAlto
       }
     end
 
+    # returns nil if job isn't finished yet, otherwise the job result
+    def query_and_parse_job(job_id)
+      cmd = { show: { jobs: { id: job_id } } }
+      result = op.execute(cmd)
+      status = result.at_xpath('response/result/job/status')&.text
+      return result unless %w[ACT PEND].include?(status)
+
+      nil
+    rescue => e
+      warn [:job_query_error, e].inspect
+      false
+    end
+
+    # returns true if successful
+    # returns nil if not completed yet
+    # otherwise returns the error
+    def commit_successful?(commit_result)
+      if commit_result.at_xpath('response/msg')&.text&.start_with?('The result of this commit would be the same as the previous commit queued/processed') ||
+         commit_result.at_xpath('response/msg')&.text == 'There are no changes to commit.'
+        return true
+      end
+
+      job_id = commit_result.at_xpath('response/result/job')&.text
+      unless job_id
+        warn [:no_job_id, result].inspect
+        return false
+      end
+
+      job_result = query_and_parse_job(job_id)
+      return job_result if !job_result # can be either nil or false (errored)
+
+      return true if job_result.xpath('response/result/job/details/line').text&.include?('Configuration committed successfully')
+
+      job_result
+    end
+
     def wait_for_job_completion(job_id, wait: 5, timeout: 600)
       cmd = { show: { jobs: { id: job_id } } }
       start = Time.now
@@ -406,6 +494,8 @@ module PaloAlto
 
       @subclasses = {}
 
+      @cache = {}
+
       # xpath
       @expression = :root
       @arguments = [Expression.new(:this_node), []]

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: palo_alto
 version: !ruby/object:Gem::Version
-  version: 0.3.1
+  version: 0.3.2
 platform: ruby
 authors:
 - Sebastian Roesner
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-09-09 00:00:00.000000000 Z
+date: 2023-01-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: nokogiri